The Emergent Chaos Jazz Combo

Main menu

Post navigation

Thank You, Choicepoint

It’s been a year since Choicepoint fumbled their disclosure that Nigerian con man Olatunji Oluwatosin had bought personal information about 160,000 Americans. Bob Sullivan broke the story in “Database giant gives access to fake firms,” and managed to presage much of what’s happened in the opening paragraphs of his story:

Last week, the company notified between 30,000 and 35,000 consumers in California that their personal data may have been accessed by “unauthorized third parties,” according to ChoicePoint spokesman James Lee.

California law requires firms to disclose such incidents to the state’s consumers when they are discovered. It is the only state with such a requirement but such data thefts are rarely limited to a single geographic area.

Lee said law enforcement officials have so far advised the firm that only Californians need to be notified.

I raised the question of other states the next day on a panel at the RSA Conference, and have been getting milage out of Choicepoint and breaches ever since. I’d like to take a moment to look back at what’s happened, what we’ve learned, and yes, to honestly thank Choicepoint for the dramatic changes in international privacy law and norms that they’ve brought about. Derek Smith, Choicepoint’s CEO, had been fond of calling for a national debate. I don’t think he anticipated the answers that debate has produced.

Those laws, and the new expectation of disclosure have lead to enough data coming out that it can be analyzed. What’s more, analysis, mostly by the Ponnemon Institute, has helped define how to disclose these issues.

Choicepoint stock has still not recovered, despite a plethora of actions designed to boost it, including stock buybacks. The largest fine ever imposed by the FTC didn’t help. Choicepoint, despite the increased brand recognition, also faces increased scrutiny, as I discussed in “Cost of Breaches,” and the Bode cancellation, mentioned in the November 7th “Choicepoint Roundup.”

Speaking of stock, the SEC investigation into insider trading by Choicepoint executives continues.

To improve their reputation, Choicepoint has stepped up their internal audit processes, annoying some customers, as discussed in “CounterTerroristm and Bureauracy.”

2 thoughts on “Thank You, Choicepoint”

The recent Mountain America attack shows you how you can rectify your background check, you simply post the background check you desire on Choicepoint’s service, pay the fee and everyone’s happy. I urge you to reconsider …